
Security Analyst, Architect
United States - North Carolina - RaleighInformation TechnologyRegularJob Description
Gilead Sciences, Inc. is a biopharmaceutical company that has pursued and achieved breakthroughs in medicine for more than three decades, with the goal of creating a healthier world for all people. The company is committed to pursuing scientific invention to prevent and treat life-threatening diseases, including HIV, viral hepatitis and cancer. Gilead has operations in more than 35 countries worldwide, with headquarters in Foster City, California.
You will be part of a team that is helping millions of people live healthier, more fulfilling lives. We are a close community where every individual matters and everyone has a chance to enhance their skills through ongoing development. Inclusion is one of our core values, which means we are creating and fostering a work environment where our differences are valued, and everyone feels respected and empowered to bring their authentic selves to work. By joining Gilead, you will further our mission to discover, develop and deliver innovative therapeutics for people with life-threatening diseases.
The Gilead Business Services center in Raleigh’s Research Triangle region will be home to some of the company’s critical shared service teams in North America, including Information Technology, Global Financial Solutions, HR Operations and Procurement Services Desk. These functions provide the necessary support to ensure Gilead’s business runs effectively and efficiently. The center will also be a catalyst for standardization of processes, digital transformation and technology
optimization.
This role will act as part of the IT Security Architecture and Governances team focusing on security architecture and compliance. They will perform Security Architecture assessments for incoming vendors and projects, reviewing them for compliance with Company’s security requirements and controls. This role may also act in advisory position, providing guidance as to the appropriate controls for a project based on the data involved and the hosting model, identifying the controls, validating that they are included in the design and included in the test plan. They will also participate in assessments related to additional controls necessary for systems that reside in high risk countries. They will also participate in the risk and compliance processes drafting standards and polices and participating is system audits.
Key Job Functions:
- Security architecture assessments (includes on-prem, SaaS, PaaS & IaaS, and related integrations) and related governance processes and controls
- Review and participate in drafting vendor and project controls & standards
- POC architecture assessments
- IT Security capability mapping
- Compliance audits
- Act as interface with Privacy team for assessments.
- Create Security & vendor Assessment documents
- Participate in assessment process development
- Participate in risk process and Risk Register reviews
- Interface with the IT Security Operations and Engineering teams
Basic Qualifications:
High School Degree and Twelve Year's Experience OR Associates Degree and Ten Years Experience OR Bachelor's Degree and Eight Years’ Experience OR
Masters' Degree and Six Years’ Experience OR Ph.D.
Preferred Qualifications:
- Strong verbal and written communication skills the ability to adapt information delivery based on the target audience.
- Ability to interpret, understand, and communicate real business risks in relation to technology risks.
- Ability to create or review controls for protection of systems and applications.
- Knowledge of information security principles, concepts, practices, systems software, database software, and immediate access storage technology to carry out activities relating to security certification and accreditation.
- Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.
- Experience with security tools and platforms including SIEM, IPS/IDS, SecOps, Endpoint and Server protection, Network protection, Firewalls, etc.
- Knowledge of Federated Identity Management, Single Sign On, and Enterprise class Identity and Access Management solutions (e.g. technology, processes, architecture, etc.)
- Very strong security awareness and knowledge.
- Strong understanding of key infrastructure systems (AD, Linux, Databases, Virtual Environment).
- Proven ability at building working relationships with partners, peers, and senior Management.
- Ability to multitask and manage multiple topics and demands concurrently.
- Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management.
- Highly organized, results-oriented, practical and attentive to details.
- Self-motivated, proactive, independent and responsive – requires little supervisory attention.
- High level of personal integrity consistent with Company’s core values.